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—The MAILING DATE of this communication appears on the cover sheet beneath the correspondence address— 
Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE J MONTH(S) FROM THE MAILING DATE 
OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.1 36(a). In no event, however, may a reply be timely filed after SIX (6) MONTHS 
from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, such period shall, by default, expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 1 33). 

- Any reply received by the Office later than three months after the mailing date of this communication, even if timely, may reduce any earned patent 
term adjustment See 37 CFR 1 .704(b). 

Status 3 y 

^^Responsive to communication® filed on *£S~~ — 

□ This action is FINAL r 

□ Since this application is in condition for allowance except for formal matters, prosecution as to the merits is closed in 
accordance with the practice under Ex parte Quayle, 1 935 CD. 1 1 ; 453 O.G. 21 3. 

Disposition of Claims 

^^plaim(s) y ^fe/are pending in the application. 

Of the above claim(s) . : is/are withdrawn from consideration. 

□ Claim(s^ — is/are allowed. 

^JSr Claim(s) / . ^are rejected. 

^aTCIaimjW- _ j^TOobjected to. 

□ Claim(s) — _ are subject to restriction or election 

Application Papers requirement 

□ The proposed drawing correction, filed on is □ approved □ disapproved. 

□ The drawing(s) filed on is/are objected to by the Examiner 

□ The specification is objected to by the Examiner. 

□ The oath or declaration is objected to by the Examiner. 

Priority under 35 U.S.C. § 1 1 9 (aH<A 

□ Acknowledgement is made of a claim for foreign priority under 35 U.S.C. § 1 1 9 (aHd). 
□ All □ Some* □ None of the: 

□ Certified copies of the priority documents have been received. 

□ Certified copies of the priority documents have been received in Application No 

□ Copies of the certified copies of the priority documents have been received 

in this national stage application from the International Bureau (PCT Rule 1 7.2(a)) 
•Certified copies not received: : . 



Attachments) 

^^Information Disclosure Statement®, PTO-1449, Paper No(s). ^ D Interview Summary, PTO-413 

□ Notice of Reference® Cited, PTO-892 □ Notice of Informal Patent Application, PTO-1 52 

Q Notice of Draftsperson's Patent Drawing Review, PTO-948 □ othpr 
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1. Claims 18 is objected to for not fully complying with the requirements of Patent Rule § 1.75 
because claim 18 is not in the form of a single sentence and contains obvious typographical errors such 
as duplicate text. Correction is required. 

2. The following is a quotation of 35 U.S.C. § 103 which forms the basis for all obviousness 
rejections set forth in this Office action: 

A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior 
art are such that the subject matter as a whole would have been obvious at the time the invention was 
made to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall 
not be negatived by the manner in which the invention was made. 

Subject matter developed by another person, which qualifies as prior art only under subsection (f) or (g) 
of section 102 of this title, shall not preclude patentability under this section where the subject matter and 
the claimed invention were, at the time the invention was made, owned by the same person or subject to 
an obligation of assignment to the same person. 



3. Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over CyberCop Scanner 
by Network Associates as described in Info World article entitled " Test Center Comparison " (hereafter 
referred to as 'CyberCop') in view of InfoWorld article entitled, " The Ins and Outs of a Network Security 

Audit " (hereafter referred to as 'Security Audit'). 

As to claims 1, 4, 11, 12, 14, 15 CyberCop discloses the instant invention essentially as 
claimed with the exception that CyberCop does not specify generating a configuration baseline or 
a file system database for use in other utility functions. CyberCop discloses a security system 
having a module analyzing portions of a network for identifying network vulnerabilities (page 2, forth 
paragraph from last) and a memory containing security information for performing the analysis (page 3, second 
from last paragraph), but is not specifically disclosed as providing suggested fixes though the article 
implies such (see P a ge 2, second from last paragraph). Because it is well known to repair known security flaws 
and because it is known to automate that which was known to done manually, In re Venner , 120 
USPQ 192 (ccpa 1958), "Furthermore, it is well settled that it is not 'invention 9 to broadly provide 
a mechanical or automatic means to replace manual activity which has accomplished the same 
result.", it would have been obvious to one of ordinary skill in the art at the time the invention 
was made to include within the device of CyberCop an automated security flaw repair module so 
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as to receive the obvious benefit derived therefrom such as repairing known network security 
flaws. As to generating a configuration baseline or a file system database for use in other utility 
functions, Security Audit discloses on page 4, first paragraph that network audit results should be 

Stored for Comparison tO future audits (system configuration and vulnerability baseline determined by the audit). Because 

CyberCop and the teachings of Security Audit are within the art of network security, because 
Security Audit teaching maintaining reports for comparison to future audits and because such 
computerized reports are commonly stored in the form of a database, it would have been obvious 
to one of ordinary skill in the art at the time the invention was made to include within the device 
of CyberCop the storing of a baseline audit configuration within a database for future reference so 
as to receive the expected benefits derived there from such as enhanced system flexibility and 
determination of network configuration and vulnerability histories absent a showing of unexpected 
results or synergistic effects from any particular claimed combination. 

As to claims 2, 3, 8 and 19, CyberCop uses a graphical user interface (see screen snapshot from 

SoftSeek.com). 

As to claims 5 and 13, said claims are directed towards a utility module capable of 
repairing detected security flaws. CyberCop does not specifically disclose automating the fixes 
suggested. Because it is well known to repair known security flaws, because it is well known that 
supervisory utilities are used to fix security flaws and because it is known to automate that which 
was known to done manually, In re Vernier , 120 USPQ 192 (ccpa 1958), "Furthermore, it is well 
settled that it is not 'invention ' to broadly provide a mechanical or automatic means to replace 
manual activity which has accomplished the same result", it would have been obvious to one of 
ordinary skill in the art at the time the invention was made to include within the device of 
CyberCop an automated security flaw repair module, including a supervisory module, so as to 
receive the obvious benefit derived therefrom such as repairing known network security flaws 
absent a showing of unexpected results or synergistic effects from any particular claimed 
combination. 

As to claims 6, 7 and 20, CyberCop supports Unix network environments (seepage 10 bottom). 
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As to claims 9 and 1 6, CyberCop discloses an upgradable list of vulnerabilities (see bottom of 

page 4). 

As to claims 10 and 18, CyberCop is disclosed as supporting password cracking (page 3 second 
from last paragraph) but does not specify using a dictionary. Because it is known in general to use 
dictionaries to break password files and because CyberCop discloses password cracking, it would 
have been obvious to one of ordinary skill in the art at the time the invention was made to include 
within the system of CyberCop a dictionary so as to use a well known method to break password 
files so as to receive the obvious benefits derived therefrom such as enhanced system security 
1 absent a showing of unexpected results or synergistic effects from any particular claimed 
combination. 

As to claim 17, said claim includes detecting if excessive system services are running. 
Because the theft of processing time is one of the most common byproducts of intrusions into a 
network, because the overwriting of logs to cover-up such theft is well known, because 
monitoring CPU usage real-time is extremely well known, it would have been obvious to one of 
ordinary skill in the art at the time the invention was made to include within the system of 
CyberCop a CPU usage monitor so as to receive the obvious benefits derived therefrom such as 
enhanced system security absent a showing of unexpected results or synergistic effects from any 
particular claimed combination. 



4. Any inquiry concerning this communication or earlier communications from the Examiner 
should be directed to Craig Steven Miller whose telephone number is (703) 305-9730. Art Unit 
facsimile services are now available at (703) 872-9306. 

The Examiner can normally be reached on Mondays-Friday from 07:30am-4:00pm EST. 
Should repeated attempts to reach the Examiner be unsuccessful, the Examiner's Supervisor, Marc 
Hoff may be reached at (703) 308-1677. 

Any inquiry of a general nature or relating to the status of this application should be directed to 
the Group receptionist whose telephone number is (703) 308-0956. 




Craig Steven Miller (ss) SUPERVISORY PATENT EXAMINER 

28 October 2003 TECHNOLOGY CENTER 2800 



